You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

I have popups and recently i got this virus i forgot what it is called but i was playing this game. I had 200 ping from and now 280 and ive been lagging alot. The virus description said " Makes computer slow and internet slow " and i have been experiencing that. Here is a HiJackThis Log.

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:

While a HJT Team member is working with you, please refrain from making any changes to your computer.

Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.

If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

Please reply using the button in the lower left hand corner of your screen.

Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]facebook.com\www: * in My Computer106 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1417001333-1078145449-2147034123-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]facebook.com\www: * in My Computer106 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{E60A0B68-353A-81DD-ED09-2A8101A1DFB1}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]"Authentication Packages"=msv1_0,C:\WINDOWS\system32\hgGaxxWP,>File not found --

For the kaspersky online scanner it might take long because sometimes my family cancel it or another family member want to go on. Ill get it to you asap. By the way was the Otviewit scanner suppose to be on 30 days?

Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.

Double click on your desktop.

Read and accept (Press Yes) to the disclaimer.

For Windows XP Systems: Install the Recovery Console:

If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.

When prompted to accept the EULA, press OK.

Accept Microsoft's EULA (Press Yes).

When you are told that the RC is installed correctly, please press YES to continue scanning for malware.

ComboFix will run. Simply wait for it to finish.

When it finishes, ComboFix will produce a log. Please post that log in your next reply here

In your next reply, please include the following:

ComboFix.txt

Billy3

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

While i was doing ComboFix it said i wasn't online and i couldn't download Recovery Install, also when i was doing Combofix my desktop would just go blank sometimes and the taskbar also, is that wierd or natural.

Hello, dog54321.You have a Peer-To-Peer program installed.Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case LimeWire). These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Click into the text area, right-click and chose "select all" (or use <Control>+A)

Right-click again and chose "Copy" (or <Control>+C)

Close/Exit Notepad

Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.

Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:

ESET OnlineScan's Log

A New HiJack This log

Billy3

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)